[erlang-questions] setting cookies with cowboy websocket handler

Wed Jan 30 01:49:24 CET 2013


I don't believe that sending cookies in the response when in the websocket
handler will result in a cookie being set in the browser. The way I handle
this is sending the cookie in the response outside of the websocket handler.

That is, I have a "home" and "websocket" resource. I deal with
authentication in the usual HTTP/REST way in the "home" resource, and only
when the user is authenticated do I set up a websocket for communications
via the "websocket" resource. My websocket_init function in the "websocket"
resource is able to check for the authentication cookie, and if the user
isn't auth'd then the websocket connection is killed.

I haven't tried (or considered) setting up and sending out an auth cookie
via websocket_init, I don't feel that it makes much sense.

Hope that helps in some way.

On Wed, Jan 30, 2013 at 10:36 AM, Alex Babkin <ababkin@REDACTED> wrote:

> Hi all
> Imagine an auth protocol over a websocket: client sends credentials,
> server responds with either success or failure. If success, it should set
> some persistent state so if the user reloads the page, the session will
> continue until either logout or some timeout
> I'm trying to set a cookie from a websocket handler, such that after a
> page reload, in the websocket handler init i can try to read back the
> cookie and check for it's validity and if valid, resume the session without
> the user needing to login again
> here is some code i tried with no success, i.e upon reload, the cookie is
> no longer there (or perhaps is never getting set by the handler to begin
> with)
> websocket_handle({text, Input}, Req, State) ->
>   lager:debug("stream received ~s", [Input]),
>   Req2 = cowboy_req:set_resp_cookie(
>     <<"auth">>,
>     [<<"test">>],
>     [{max_age, 600}, {path, "/"}, {secure, true}, {http_only, true}],
>     Req
>   ),
>   {ok, Req3} = cowboy_req:reply(200, Req2),
>   {ok, Req3, NewState}.
> ... or alternatively:
> {reply, {text, Output}, Req2, NewState}.
> as the last line
> after the socket terminates and i try to reload page i do this in
> websocket init:
> {Cookie, Req2} = cowboy_req:cookie(<<"auth">>, Req),
> and there are no cookies
> any ideas what i'm doing wrong?
> is this even possible with websocket or do i pretty much have to have a
> dedicated regular http roundtrip to set the auth cookie?
> Thanks
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions


OJ Reeves
+61 431 952 586
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20130130/728000f7/attachment.htm>

More information about the erlang-questions mailing list